1. 首頁
  2. 問答
  3. PHP SELECT語句不起作用

PHP SELECT語句不起作用

2015-10-18 101 views
2

我正在爲我的網站製作登錄表單。當我在我的登錄表單上單擊提交時,它似乎無法運行SELECT語句,因爲它在我的代碼中。PHP SELECT語句不起作用

$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = '$passwordclean'"); 

    if($row = mysqli_fetch_assoc($result)){ 

     $finalmessager['success'] = 'You are logged in'; 
     $_SESSION['finalmessager']= $finalmessager; 
    }else{ 
     $finalmessager['fail'] = 'You are not logged in'; 
     $_SESSION['finalmessager']= $finalmessager; 
    }

它似乎識別$ emailclean,但它似乎不讀取$ passwordclean。但是,當我嘗試手動將密碼,如

$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = 'celenelqdekdnnd.......'");

它似乎工作正常。

我在這裏做錯了什麼?

這是我的代碼:

require "../config/init.php"; 
require "../config/config.php"; 
if(isset($_POST['submit'])){ 

$passwordclean = mysqli_real_escape_string($mysqli_conn, hash("sha512", $_POST['password'])); 
$emailclean= mysqli_real_escape_string($mysqli_conn, $_POST['email']); 


$errorCheckr = array(); //an array is introduced to check errors 
$finalmessager = array();//an array to display final message 

if (empty($emailclean)) { 
    $errorCheckr['emailcheck'] = 'Please enter your email'; 

}else{ 
    $_SESSION['email'] = $emailclean; 
} 

if (empty($passwordclean)) { 
    $errorCheckr['passwordcheck'] = 'Please enter your password'; 

}else{ 
    $_SESSION['password'] = $passwordclean; 
} 


//Sanitize 

if (!empty($emailclean) && !filter_var($emailclean, FILTER_VALIDATE_EMAIL)) { 
    $errorCheckr['emailvalidcheck'] = 'Your email is not valid'; 
} 


if (strlen($email) > 50) { 
    $errorCheckr['emaillengthcheck'] = 'Your email is too long'; 
} 

if (!empty($passwordclean) && strlen($passwordclean) < 5) { 
    $errorCheckr['passwordlengthcheck'] = 'Your password is too short'; 
} 


if (empty($errorCheckr)) { 


    $result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = '$passwordclean'"); 

    if($row = mysqli_fetch_assoc($result)){ 

     $finalmessager['success'] = 'You are logged in'; 
     $_SESSION['finalmessager']= $finalmessager; 
    }else{ 
     $finalmessager['fail'] = 'You are not logged in'; 
     $_SESSION['finalmessager']= $finalmessager; 
    } 

    unset($_SESSION['email']); 
    unset($_SESSION['password']); 

    header('location:../loginform.php'); 



}else{  


    $_SESSION['regErrors']= $errorCheckr; 

    header('location:../loginform.php'); 

} 
}

來源

2015-10-18 user5455438

+0

請,請,*請使用*預處理語句和參數化查詢,以避免SQL注入攻擊! http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php –

回答

1

上的錯誤首先依次爲:

<?php 
error_reporting(E_ALL); 
ini_set('display_errors', '1');

測試,如果交變和密碼設置:

<?php 
var_dump($_POST['password']); 
var_dump($passwordclean);

一些提示:

1)爲什麼要保存密碼ord在會議中?

2)你正在檢查$ passwordclean的長度,它總是128個字符,因爲它是用sha512散列的。

3):

<?php 
$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '". mysqli_real_escape_string($mysqli_conn, $_POST['email']) ."' AND password = '". mysqli_real_escape_string($mysqli_conn, hash("sha512", $_POST['password'])) ."'");

來源

2015-10-18 11:35:01 user2191227

+0

非常感謝您的信息。我做了一些調整,並改變了我的數據庫。它現在似乎工作正常 – user5455438

相關問題

 相關問題